Totally Automatic LFI Exploiter & Scanner


LFI Suite is a totally automatic tool able to scan and exploit Local File Inclusion vulnerabilities using many different methods of attack.

Features

  • Works with Windows, Linux and OS X
  • Automatic Configuration
  • Automatic Update
  • Provides 8 different Local File Inclusion attack modalities:
    • /proc/self/environ
    • php://filter
    • php://input
    • /proc/self/fd
    • access log
    • phpinfo
    • data://
    • expect://
  • Provides a ninth modality, called Auto-Hack, which scans and exploits the target automatically by trying all the attacks one after the other without you having to do anything (except for providing, at the beginning, a list of paths to scan, which if you don’t have you can find in this project directory in two versions, small and huge).
  • Tor proxy support
  • Reverse Shell for Windows, Linux and OS X

How to use it?

Usage is extremely simple and LFI Suite has an easy-to-use user interface; just run it and let it lead you.

Reverse Shell

When you got a LFI shell by using one of the available attacks, you can easily obtain a reverse shell by entering the command “reverseshell” (obviously you must put your system listening for the reverse connection, for instance using “nc -lvp port”).

Dependencies

  • Python 2.7.x
  • Python extra modules: termcolor, requests
  • socks.py

Totally Automatic LFI Exploiter & Scanner: LFISuite Download

Print Friendly, PDF & Email